While other MediaPost newsletters and articles remain free to all ... our new Research Intelligencer service is reserved for paid subscribers ...

Subscribe today to gain access to every Research Intelligencer article we publish as well as the exclusive daily newsletter, full access to The MediaPost Cases, first-look research and daily insights from Joe Mandese, Editor in Chief.

Commentary

PageFair Hacked, Distributes Malware With Anti-Blocking Analytics

Publishers who tried to do something about it also found themselves exposed to hackers who used their sites to distribute
malware to readers over Halloween night from October 31-November 1, according to ad blocking analytics firm PageFair, which admitted the breach in a blog post this week.

PageFair provides analytics that allow publishers who sell inventory through ad networks to detect when readers are using ad blockers, and substitute “non-intrusive”
ads for the blocked ads to reclaim some of the lost revenue.

Hackers apparently used PageFair’s own analytics network to distribute Trojan malware during a 83-minute period; the attack
was detected within five minutes but took over an hour to stop.

A small proportion of PageFair’s customers (2.3%) were affected, and even within this small number, relatively few
visitors would have actually been infected, but PageFair CEO Sean Blanchfield didn’t try to minimize the security breach.

He noted: “If you are a publisher using our free analytics
service, you have good reason to be very angry and disappointed with us right now… I am very sorry that this occurred and would like to assure you that it is no longer happening… The
attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems.”

The Javascript Trojan, disguised as
an update to Adobe Flash, infected computers using Windows to get them to join a botnet. Some virus scanners on were able to detect the malware and prevent infection, but not all. On a positive note,
PageFair said none of its core servers appear to have been breached, so publishers’ accounts should be secure.

Of course, ad blocking itself is still a growing threat to
publishers’ business. This week, a Dutch tech site, Guru3D.com, said ad blockers were costing it roughly half of its ad revenues in a blog post urging readers to turn off ad blocking programs,
according to Bloomberg.

The attack was detected in five minutes, and took over an hour to stop. To me, this is the crux of the issue of why third-party ad security and verification tools exist. Full disclosure, I work for GeoEdge -- and we know not only how to detect malware, but can pinpoint exactly the source in addition the data needed to halt the campaign. Maybe, this hack is less of one of the "perils" for publishers using ad blocking software and more of a peril for not having a third-party ad security solution.

Hey Erik. Rob here from MaxCDN, the content delivery network used by PageFair. Thanks for covering this story. It sheds a lot of light on how businesses and the general population often forget about prioritizing account security.

In case any MaxCDN users come across this post, I wanted to share this article of ours that covers steps for preventing people with malicious intent from accessing your MaxCDN account: https://www.maxcdn.com/blog/secure-maxcdn-account/

A lot of these steps can apply to other services as well. This article was written in response to what happened with PageFair.